Cybersecurity News


macOS malware: myth vs. reality – Week in security with Tony Anscombe

ESET research shows yet again that macOS is not immune to malware – and why some users can benefit from Apple’s Lockdown Mode

The post macOS malware: myth vs. reality – Week in security with Tony Anscombe appeared first on WeLiveSecurity

22 July 2022

Massive Losses Define Epidemic of ‘Pig Butchering’

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
21 July 2022

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’ Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.
21 July 2022

Conti’s Reign of Chaos: Costa Rica in the Crosshairs

Conti’s Reign of Chaos: Costa Rica in the Crosshairs Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica?
20 July 2022

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems 300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.
20 July 2022

ESET Research Podcast: Hot security topics at RSA or mostly hype?

Listen to Cameron Camp, Juraj Jánošík, and Filip Mazán discuss the use of machine learning in cybersecurity, followed by Cameron’s insights into the security of medical devices

The post ESET Research Podcast: Hot security topics at RSA or mostly hype? appeared first on WeLiveSecurity

20 July 2022

Paving the Way: Inspiring Women in Payments - A Q&A featuring Lizzie Noblecilla Piscoya

 

Despite a lack of women in technology professions, Lizzie Noblecilla Piscoya believes that women have a promising future in cybersecurity. Lizzie believes that women, by their very nature, have an enormous capacity to adapt and to face new challenges, making them a perfect fit for a dynamic industry that is constantly evolving. In this edition of our blog, Lizzie describes the path that led to her own success, and how other women can develop a passion for this industry as she did.

19 July 2022

Authentication Risks Discovered in Okta Platform

Authentication Risks Discovered in Okta Platform Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.
19 July 2022

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

FBI Warns Fake Crypto Apps are Bilking Investors of Millions Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.
19 July 2022

I see what you did there: A look at the CloudMensis macOS spyware

Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs

The post I see what you did there: A look at the CloudMensis macOS spyware appeared first on WeLiveSecurity

19 July 2022

A Deep Dive Into the Residential Proxy Service ‘911’

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route malicious traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. The proxy service says its network is made up entirely of users who voluntarily install the proxy software. But new research shows 911 has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which 911 operated on its own.
18 July 2022

 PCI DSS v4.0: Compensating Controls vs Customized Approach

 

A primary goal for PCI DSS v4.0 is to increase flexibility for organizations using different methods to achieve security objectives. One way the standard does this is with the introduction of the Customized Approach. We talk with Lauren Holloway, Director of Data Security Standards, to address some common questions about the Customized Approach.

18 July 2022

Google Boots Multiple Malware-laced Android Apps from Marketplace

Google Boots Multiple Malware-laced Android Apps from Marketplace Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.
18 July 2022

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2 Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.
18 July 2022

Why 8kun Went Offline During the January 6 Hearings

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump's invitation to "be wild" in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence.
15 July 2022

Emerging H0lyGh0st Ransomware Tied to North Korea

Emerging H0lyGh0st Ransomware Tied to North Korea Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.
15 July 2022

Think twice before downloading pirated games – Week in security with Tony Anscombe

Why downloading pirated video games may ultimately cost you dearly and how to stay safe while gaming online

The post Think twice before downloading pirated games – Week in security with Tony Anscombe appeared first on WeLiveSecurity

15 July 2022

Journalists Emerge as Favored Attack Target for APTs

Journalists Emerge as Favored Attack Target for APTs Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.
14 July 2022

‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomware

‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomware

The number of ransomware attacks on US healthcare organizations increased 94% from 2021 to 2022, according to one report

Last week, the US government warned that hospitals across the US have been targeted by an aggressive ransomware campaign originating from North Korea since 2021.

Ransomware hacks, in which attackers encrypt computer networks and demand payment to make them functional again, have been a growing concern for both the private and public sector since the 90s. But they can be particularly devastating in the healthcare industry, where even minutes of down time can have deadly consequences, and have become ominously frequent.

Continue reading...
14 July 2022

API security moves mainstream

The heavyweights are now moving into API security, cementing it as “A Thing”

The post API security moves mainstream appeared first on WeLiveSecurity

14 July 2022